System for inference of presence of network infrastructure devices

ABSTRACT

A device discovery module of a network management software is utilized to discover the presence of layer- 2  network devices. When enabled by a command from the network management software, the device discovery module may be configured to query or poll all network devices for information. The device discovery module may be configured to seek address information from an address resolution protocol (“ARP”) cache of a queried network device. The ARP cache may contain addresses, e.g., layer- 2  address, of other network devices contacted by the queried network device. The device discovery module may be further configured to retrieve from the queried network device the port type and port configuration. After retrieving the address information, the device discovery module organizes the address information in an ordered list starting with the identified port of a network device and address information detected on the identified port. If the identified port has been identified as a single point-to-point connection, and there are multiple address detected on that port, this is an inference that there is a device connecting the remote device of the identified port with the devices of each address heard. Otherwise, if the identified port has been identified as a single point-to-point connection, and there is only one address detected, this is an inference that there are no intervening devices.

TECHNICAL FIELD

[0001] The invention relates to management of a network. Moreparticularly, the invention relates to improving the detection oflayer-2 remote devices in a network to obtain an accurate depiction ofthe network.

DESCRIPTION OF THE RELATED ART

[0002] Network communications have become a fundamental part of today'scomputing. It is not uncommon to find two or more computer systemsworking together to resolve computing issues such as simulations,modeling, forecasting, etc. In fact, networked computer systems workingtogether have been so successful, users have been inclined to design andimplement substantially larger networks.

[0003] As the networks grow larger, increasingly complex, and interfacewith a variety of diverse networks, it is the task of a network manager(or administrator or user) to keep track of the devices on the networks,to monitor performances and load, and to diagnose and correct problemswith the network.

[0004] To assist a network manager, network management software may beused in the management of a network. Conventional network managementsoftware typically executes on a management device or node of thenetwork. From the management node, the conventional network managementsoftware may be configured to determine a network topology, detectmalfunctioning remote network devices or communication links, monitornetwork traffic, etc.

[0005] As part of the management duties, a network management softwaremay be used to determine a topology or map of a managed network.Typically, a network manager may enable a discovery function of thenetwork management software to detect connected devices on the managednetwork. For example, a management node executing the conventionalnetwork management software may initiate a “ping sweep” to discoverdevices. In the “ping sweep”, the management node may put out a messagewith an address and wait for a response from the address. If there is aresponse, a network device exists for the address. The management nodetypically executes the “ping sweep” for a range of addresses.

[0006] However, the “ping sweep” may be applicable if the remote deviceshave Internet protocol (IP) addresses. An IP address of a network deviceidentifies a particular network on the Internet and an identifier of thenetwork device within the particular network. For nomenclature, an IPaddress may be considered as a layer-3 address.

[0007] Often, in a network, not all of the network devices have alayer-3 address. For example, a repeater or a hub may not require alayer-3 address, since they function more as a relay than as a source ordestination for network traffic. Typically, repeaters and hubs each havea layer-2 address, which may be defined as a physical address of adevice within a network. Accordingly, a “ping sweep” may not be able todiscover a network device with a layer-2 address.

[0008] Moreover, as new network devices are added to a network, a newdevice may often be put into an environment with existing networkdevices, which may or may not have advanced management capabilities. Anetwork manager of the network may attempt to map the topology of thenetwork to understand how the various network devices are connected anduse the map to assist in resolving problems within the network. However,since not all the network devices have the same level of managementcapabilities, e.g., layer-3 addressing, often older network devices areomitted or placed in the wrong configuration. Alternatively, a networkmanagement software may not be able to discover network devices, becausea network device may have restricted access, mis-configuration of anetwork device, mis-inventoried network device, etc.

SUMMARY OF THE INVENTION

[0009] In accordance with the principles of the present invention, amethod for determining network topology includes querying a plurality ofremote devices for layer-2 address information. The layer-2 addressinformation is configured to provide at least one detected layer-2address for each remote device of the plurality of remote devices. Themethod further includes inferencing an intermediate device in responseto an identification of a plurality of detected layer-2 addresses forone remote device of the plurality of remote devices.

[0010] One aspect of the present invention provides for a method ofmanaging a network. The method includes receiving a command where thecommand is configured to determine a configuration of said network. Themethod further includes polling a plurality of remote devices forlayer-2 address information, the layer-2 address information configuredto provide at least one detected layer-2 address by each remote deviceof the plurality of remote devices, and determining an intermediatedevice in response to an identification of a plurality of detectedlayer-2 addresses for one remote device of the plurality of remotedevices.

[0011] Another aspect of the present invention provides for a system fordetermining a network topology. The system includes at least oneprocessor, a memory coupled to at least one processor, and a networkmanagement software residing in said memory and executing on at leastone processor. The network management software is configured to query aplurality of remote devices for layer-2 address information. The layer-2address information is configured to provide at least one detectedlayer-2 address for each remote device of the plurality of remotedevices. The network management software is further configured toinference an intermediate device in response to an identification of aplurality of detected layer-2 addresses for one remote device of theplurality of remote devices.

[0012] Additional advantages and novel features of the invention will beset forth in part in the description which follows and in part willbecome apparent to those skilled in the art upon examination of thefollowing or may be learned by practice of the invention.

DESCRIPTION OF THE DRAWINGS

[0013] Features and advantages of the present invention will becomeapparent to those skilled in the art from the following description withreference to the drawings, in which:

[0014]FIG. 1 illustrates a block diagram of a computer network in whichan embodiment of the present invention may be implemented;

[0015]FIG. 2 illustrates an exemplary computer system in which anexemplary embodiment of the present invention may be implemented;

[0016]FIG. 3 illustrates a software architecture of an embodiment of adevice finder module according to the principles of the presentinvention;

[0017]FIG. 4 illustrates a plurality of network devices interfaced witha network in which an embodiment of the present invention may beutilized;

[0018]FIG. 5 illustrates an exemplary ordered table by an embodiment ofthe present invention; and

[0019]FIG. 6 illustrates a flow diagram of the device finder moduleshown in FIG. 3.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0020] For simplicity and illustrative purposes, the principles of thepresent invention are described by referring mainly to an exemplaryembodiment thereof. Although the preferred embodiment of the inventionmay be practiced as a software system, one of ordinary skill in the artwill readily recognize that the same principles are equally applicableto, and can be implemented in, a hardware system, and that any suchvariation would be within such modifications that do not depart from thetrue spirit and scope of the present invention.

[0021] In accordance with the principles of the present invention, adevice discovery module of a network management software is utilized todiscover the presence of layer-2 network devices. When enabled by acommand from the network management software, the device discoverymodule may be configured to query or poll all network devices forinformation. The device discovery module may be configured to queryaddress information from an address resolution protocol (37 ARP”) cacheor a management information base (“MIB”) database of a remote networkdevice of a plurality of remote network devices. The ARP cache (or MIBdatabase) may contain addresses, e.g., layer-2 addresses of othernetwork devices contacted by the queried network device. The devicediscovery module may be further configured to retrieve from the queriednetwork device the port type and port configuration. After retrievingthe address information, the device discovery module organizes theaddress information in an ordered list starting with the identified portof a network device and address information detected on the identifiedport.

[0022] If the identified port has been identified as a singlepoint-to-point connection, and there are multiple addresses detected onthat port, there may be an inference that there is a layer-2 onlyaddressable device connecting the remote network device of theidentified port with the devices of each address heard. Otherwise, ifthe identified port has been identified as a single point-to-pointconnection, and there is only one address detected, this is an inferenceis made that there are no intervening devices.

[0023]FIG. 1 illustrates a block diagram of a computer network 100 inwhich an embodiment of the present invention may be implemented. Inparticular, the computer network 100 includes a management node 110, anetwork 120 and network devices 130 a . . . 130 n. The management node110 may be configured to provide a network manager with the capabilityto monitor and maintain the network 120 with the connected networkdevices 130 a . . . 130 n.

[0024] The network 120 may be configured to provide a communication pathbetween the management node 110 and the network devices 130 a . . . 130n. The network 130 may include a wide area network, a local areanetwork, a wireless network, etc.

[0025] The network devices 130 a . . . 130 n may be any type of devicethat may be configured to interface with the network 120. The type ofdevices may include a printer, a facsimile, a personal computer, aclient, a server, etc. The network devices 130 a . . . 130 n may befurther configured to have at least a layer-2 address, e.g., a mediaaccess control (“MAC”) address. However, a network device may be furtherconfigured to concurrently be addressable by other address levels, e.g.,a layer-3 address.

[0026] The management node 110 may be further configured to includenetwork management software 140 and a network interface 150. The networkmanagement software 140 may be configured to provide to the managementnode the capability to monitor and maintain the network 120 through thenetwork interface 150. The network management software 140 may befurther configured to discover unmapped layer-2 addressable networkdevices interfaced with the network 120. The network interface 150 maybe configured to provide a communication interface between themanagement node 110 and the network 120. Accordingly, a network managerof the network management software 110 may be able to detect layer-2network devices that had previously been undetected by conventionalnetwork management software.

[0027]FIG. 2 illustrates an exemplary computer system 200 in which anexemplary embodiment of the present invention may be implemented. Thefunctions of the network management software 140 are implemented inprogram code and executed by the computer system 200. In particular, thecomputer system 200 includes one or more processors, such as processor202 that provides an execution platform for the network managementsoftware 140. Commands and data from the processor 202 are communicatedover a communication bus 204. The computer system 200 also includes amain memory 206, preferably Random Access Memory (RAM), where thesoftware for the network management software 140 is executed duringruntime, and a secondary memory 208. The secondary memory 208 includes,for example, a hard disk drive 210 and/or a removable storage drive 212,representing a floppy diskette drive, a magnetic tape drive, a compactdisk drive, etc., where a copy of software for the network managementsoftware 140 may be stored. The removable storage drive 212 reads fromand/or writes to a removable storage unit 214 in a well-known manner. Anetwork manager interfaces with the network management software 140 witha keyboard 216, a mouse 218, and a display 220. The display adaptor 222interfaces with the communication bus 204 to receive display data fromthe processor 202 and converts the display data into display commandsfor the display 220. The network interface 150 provides a communicationinterface between the management node 110 and the network 120.

[0028]FIG. 3 illustrates a software architecture of an exemplaryembodiment of a device discovery module 300 of the network managementsoftware 140 according to the principles of the present invention. Inparticular, the device discovery module 300 may be configured todiscover unmapped layer-2 addressable network devices interfaced withthe network 120. The device discovery module 300 may be furtherconfigured to discover the unmapped layer-2 addressable network devicesin response to a command from the network manager software 140. Thedevice discovery module 300 may include at least a device finder module310, a topology database 320, and a display module 330.

[0029] The device finder module 310 is configured to poll or query allknown network devices for port information and address information,e.g., addresses of other network devices, associated with each port. Theknown network devices may have been initially determined by usingconventional methods of discovery. A polled network device may store theport information and address information in a MIB database containedwithin the polled network device. Alternatively, the address informationrelating to detected addresses by the polled network device may bestored in an ARP cache of the polled network device.

[0030] The device finder module 310 is further configured to store theretrieved information from the remote network devices in a memory 340.The retrieved information may be stored in a tabular format, a linkedlist format, etc.

[0031] The device finder module 310 is further configured to interfacewith a topology database 320. The topology database 320 may beconfigured to receive discovered network devices from the device findermodule 310 and to store the location of the discovered network devicesfor later display by the display module 330.

[0032] The device finder module 310 is further configured to determinethe presence of unmapped layer-2 only addressable network devicesthrough an inference methodology. The device finder module 310 isconfigured to re-order (or sort) the retrieved information by remotedevice. For each remote device, the retrieved information is sortedagain by port number.

[0033] From the ordered table, the inference methodology may infer thepresence of an unmapped layer-2 only addressable device by detectingmultiple addresses for a port that has been designated as apoint-to-point connection. Otherwise, if the port has been designated asa multiple connection, the inference may not be valid. An example of thedevice discovery module in operation is detailed in FIG. 4.

[0034]FIG. 4 illustrates a plurality of network devices 400 a . . . 400d interfaced with a network 410 in which an embodiment of the presentinvention may be utilized. In particular, the network device 400 a isconfigured to interface with network device 400 b. Network device 400 bis configured to interface with network device 400 c and network device400 d. The network devices, 400 a, 400 c, and 400 d, are furtherconfigured to be layer-3 address capable, i.e., capable of performinglayer-3 addressing. The network device 400 b is further configured to belayer-2 address capable, i.e., capable of performing only layer-2addressing.

[0035] The network devices, 400 a . . . 400 d, are further configured tointerface with the network 410. The network 410 may be configured toprovide a communication path between a management node 420 and thenetwork devices 400 a . . . 400 d. The management node 420 may beconfigured to execute the network management software 140 and with anembodiment of the device discovery module 300 according to theprinciples of the present invention. Accordingly, using the networkmanagement software 140, the management node 420 may be furtherconfigured to discover unmapped layer-2 network devices.

[0036] The network devices 400 a, 400 c, and 400 d are furtherconfigured to store address information relating to network deviceinteraction. The address information may include a number of ports, typeof connection for each port (i.e., point-to-point, also known asnon-shared (NS)), shared, etc., detected addresses on each port, and thelike. The network devices 400 a, 400 c, and 400 d may be furtherconfigured to store the address information in an allocated memory, 405a, 405 c, 405 d, e.g., management information database, an addressresolution protocol (“ARP”) cache, etc., of each respective networkdevice, 400 a, 400 c, and 400 d. The address information may be storedas a table, a linked list, or the like.

[0037] A network manager may have initiated a conventional networkdiscovery technique, e.g., a ping sweep, to discover network devices 400a, 400 c and 400 d. However, the network device 400 b is configured tobe only layer-2 addressable, and thus, conventional network discoverytechniques would not discover network device 400 b.

[0038] A network manager may utilize an embodiment of the presentinvention, e.g., a device discovery module, to discover network device400 b. The network manager may initiate a command from the networkmanagement software 140 to initiate the device discovery module 300. Thecommand may be issued in response to a selection of the command from amenu bar on a graphical user interface of the network managementsoftware 140. Alternatively, the network management software 140 may beconfigured to provide a network manager a command line prompt tomanually input the command.

[0039] As discussed herein above, the device discovery module 300 may beconfigured to poll or query each previously discovered or known networkdevice 400 a, 400 c, and 400 d, for the address information stored inthe respective allocated memory 405 a, 405 c, and 405 d. The devicediscovery module 300 may be configured to store the retrievedinformation in a memory location allocated to the device discoverymodule 300. The address information may be stored in a table, a linkedlist, or the like. The device discovery module 300 may be furtherconfigured to sort or order the table according to network device nameand port number keys to create an ordered table 500, as shown in FIG. 5.

[0040]FIG. 5 illustrates an ordered table 500 generated by the sortingof the stored address information according to an embodiment of thepresent invention. In particular, the ordered table 500 shows fornetwork device A and port number one, that network device 400 a detectedthe address of network device 400 c and network device 400 d, in rows505 and 510, respectively. Furthermore, ordered table 500 shows fornetwork device 400 c and network device 400 d, that they both detectedthe address of network device 400 a, as shown in rows 515 and 520respectively. Since, the port of network device 400 a is known to be apoint-to-point connection, there is an inference that there is anintermediate device 400 b between the network devices 400 a, 400 c, and400 d. Accordingly, the device discovery module 300 may be furtherconfigured to add intermediate device 400 b to the topology database 320of the network management software 140.

[0041]FIG. 6 illustrates an exemplary flow diagram 600 of the devicediscovery module 300 shown in FIG. 3 according to the principles of thepresent invention. In particular, the device discovery module 300 may beconfigured to receive a command configured to initiate a devicediscovery, in step 605.

[0042] In step 610, the device discovery module 300 may be furtherconfigured to query or poll known network devices for networkinformation. For each network device, the network information mayinclude the number of ports, the type of connection for each port, andaddresses detected at each port.

[0043] In step 615, the device discovery module 300 may be furtherconfigured to store the retrieved network information in an allocatedmemory location. The network information may be stored in a tabularformat, a linked list, or the like.

[0044] In step 620, the device discovery module 300 may be furtherconfigured to sort the stored network information according to networkdevice and by port number. Subsequently, the device discovery module 300may be further configured to determine if there are multiple addressesdetected by a port configured to be point-to-point of a network device,in step 625. If there are multiple addresses detected for a networkdevice, an intermediate device may be inferred. The location of theintermediate device in relative position to the known network device isstored in a topology database of the network management software 140, instep 630. The topology database may be adapted to provide information toother modules, e.g., the display module 320 of the network managementsoftware 140.

[0045] According to the disclosed embodiment, a device discovery moduleof a network management software is utilized to discover the presence oflayer-2 network devices. When enabled by a command from the networkmanagement software, the device discovery module may be configured toquery or poll all network devices for information. The device discoverymodule may be configured to seek address information from an ARP cacheand/or a MIB database of a queried network device. The ARP cache and/orthe MIB database may contain addresses, e.g., layer-2 addresses, ofother network devices contacted by the queried network device. Thedevice discovery module may be further configured to retrieve from thequeried network device the port type and port configuration. Afterretrieving the address information, the device discovery moduleorganizes the address information in an ordered list starting with theidentified port of a network device and address information detected onthe identified port. If the identified port has been identified as asingle point-to-point connection, and there are multiple addressesdetected on that port, this is an inference that there is a deviceconnecting the remote device of the identified port with the devices ofeach address heard. Otherwise, if the identified port has beenidentified as a single point-to-point connection, and there is only oneaddress detected, this is an inference that there are no interveningdevices. Accordingly, a network manager may be provided the capabilityof detecting unmapped layer-2 addressable devices within a network,thereby providing better diagnostic and monitoring capability for thenetwork manager.

[0046] While the invention has been described with reference to theexemplary embodiments thereof, those skilled in the art will be able tomake various modifications to the described embodiments of the inventionwithout departing from the true spirit and scope of the invention. Theterms and descriptions used herein are set forth by way of illustrationonly and are not meant as limitations. In particular, although themethod of the present invention has been described by examples, thesteps of the method may be performed in a different order thanillustrated or simultaneously. Those skilled in the art will recognizethat these and other variations are possible within the spirit and scopeof the invention as defined in the following claims and theirequivalents.

What is claimed is:
 1. A method for determining network topologycomprising: querying a plurality of remote devices for layer-2 addressinformation, said layer-2 address information configured to provide atleast one detected layer-2 address by each remote device of saidplurality of remote devices; and inferencing an intermediate device inresponse to an identification of a plurality of detected layer-2addresses for one remote device of said plurality of remote devices. 2.The method for determining network topology according to claim 1,further comprising: querying said plurality of remote devices for portinformation, said port information configured to provide a type ofconnection for each port of each remote device of said plurality ofremote devices; storing said port information and said layer-2 addressinformation for each remote device of said plurality of remote devices;and grouping said port information and said layer-2 address informationfor each remote device of said plurality of remote devices.
 3. Themethod for determining network topology according to claim 2, furthercomprising: querying an address resolution protocol cache for eachremote device of said plurality of remote devices for said layer-2address information.
 4. The method for determining network topologyaccording to claim 3, wherein said type of connection comprises a singlepoint-to-point connection.
 5. The method for determining networktopology according to claim 1, further comprising: inferencing a directconnection in response to another identification of a single detectedlayer-2 address for one remote device of said plurality of remotedevices.
 6. The method for determining network topology according toclaim 5, further comprising: repeating said inferencing for each remotedevice of said plurality of remote devices.
 7. A method of managing anetwork, comprising: receiving a command, said command configured todetermine a configuration of said network; polling a plurality of remotedevices for layer-2 address information, said layer-2 addressinformation configured to provide at least one detected layer-2 addressfor each remote device of said plurality of remote devices; anddetermining an intermediate device in response to an identification of aplurality of detected layer-2 addresses for one remote device of saidplurality of remote devices.
 8. The method for managing a networkaccording to claim 7, further comprising: determining a directconnection in response to another identification of a single detectedlayer-2 address for one remote device of said plurality of remotedevices.
 9. The method for managing a network according to claim 8,further comprising: polling said plurality of remote devices for portinformation, said port information configured to provide a type ofconnection for each port of each remote device of said plurality ofremote devices; storing said port information and said layer-2 addressinformation for each remote device of said plurality of remote devices;and grouping said port information and said layer-2 address informationfor each remote device of said plurality of remote devices.
 10. Themethod for managing a network according to claim 9, further comprising:polling an address resolution protocol cache of each remote device ofsaid plurality of remote devices for said layer-2 address information.11. The method for managing a network according to claim 10, furthercomprising: repeating said determining on said grouping for each remotedevice of said plurality of remote devices; and storing eachintermediate device determined from said repeating in a network topologydatabase.
 12. The method for managing a network according to claim 11,further comprising: displaying a network topology map with said eachintermediate device generated from said network topology database inresponse to a second command, said second command configured to displaysaid network topology map.
 13. A system for determining a networktopology, comprising: at least one processor; a memory coupled to saidat least one processor; and a network management software residing insaid memory and executing on at least one processor, said networkmanagement software configured to query a plurality of remote devicesfor layer-2 address information, said layer-2 address informationconfigured to provide at least one detected layer-2 address by eachremote device of said plurality of remote devices, and to inference anintermediate device in response to an identification of a plurality ofdetected layer-2 addresses for one remote device of said plurality ofremote devices.
 14. The system for determining a network topologyaccording to claim 13, wherein: said network management software isfurther configured to query said plurality of remote devices for portinformation, said port information configured to provide type ofconnection for each port of each remote device of said plurality ofremote devices, to store said port information and said layer-2 addressinformation of each remote device of said plurality of remote devices,and to group said port information and said layer-2 address informationfor each remote device of said plurality of remote devices.
 15. Thesystem for determining a network topology according to claim 14,wherein: said network management software is further configured to queryan address resolution protocol cache of each remote device of saidplurality of remote devices for said layer-2 address information. 16.The system for determining a network topology according to claim 15,wherein said type of connection comprises a single point-to-pointconnection.
 17. The system for determining a network topology accordingto claim 16, wherein: said network management software is furtherconfigured to inference a direct connection in response to anotheridentification of a single detected layer-2 address for one remotedevice of said plurality of remote devices.
 18. The system fordetermining a network topology according to claim 16, wherein: repeatingsaid inference for each remote device of said plurality of remotedevices.